Ir ao conteúdo
  • Cadastre-se
Entre para seguir isso  
magdajoele

Vírus gbiehbsb.dll, não consigo remover...

Recommended Posts

Olá,

andei dando uma pesquisada nos fóruns e sei que algumas pessoas já foram ajudadas a se livrarem de um vírus que está no meu pc tb, mas acho que cada caso é um caso, né?

Já tentei várias coisas que recomendara pra outros e pra mim não funcionou, será que tem como me ajudar tb?

É aquele vírus gbiehbsb.dll, que aparece toda vez que ligo o computador. Já instalei o Hijack This, fiz um log(?) e salvei, instalei o Combofix e fiz a mesma coisa, deletei alguns arquivos e fiz de novo um log do Hijack This, mas não sei mais o que fazer, aliás, eu não sei o que fazer...sou totalmente leiga nesse negócio de computador, vírus, hardware, malware, nem sabia que existiam todas essas especificações...por favor, me ajude!:confused:

Não sei se já é cabível, mas vou colocar os logs que fiz:

- O primeiro realizado pelo Hijack This

Logfile of HijackThis v1.99.1

Scan saved at 17:25:13, on 6/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Win\Desktop\ComboFix.exe

C:\Documents and Settings\Win\Configurações locais\Temporary Internet Files\Content.IE5\RRN8RBWT\bitdefender_tsecurity[1].exe

C:\DOCUME~1\Win\CONFIG~1\Temp\IXP000.TMP\setup.exe

C:\Documents and Settings\Win\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [OpwareSE4] "C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Win\CONFIG~1\Temp\IXP000.TMP\"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198714052294

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{26280688-77B0-49F7-B7B0-CD10C0934B9F}: NameServer = 200.165.132.148 200.165.132.155

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

- Depois o Combofix:

ComboFix 08-04-04.1 - Win 2008-04-06 16:47:35.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.161 [GMT -3:00]

Executando de: C:\Documents and Settings\Win\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\svchost.exe

C:\WINDOWS\winhlp.dll

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-06 to 2008-04-06 ))))))))))))))))))))))))))))))))

.

2008-04-06 16:22 . 2008-03-29 15:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys

2008-04-06 16:22 . 2008-03-29 15:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys

2008-03-23 21:09 . 2008-03-23 21:09 1,606,904 --a------ C:\googletalk-setup-pt-BR.exe

2008-03-18 22:23 . 2008-03-18 22:23 244 --ah----- C:\sqmnoopt03.sqm

2008-03-18 22:23 . 2008-03-18 22:23 232 --ah----- C:\sqmdata03.sqm

2008-03-12 22:46 . 2008-03-12 22:46 <DIR> d-------- C:\WINDOWS\Sun

2008-03-12 22:45 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-03-12 22:44 . 2008-03-12 22:45 <DIR> d-------- C:\Arquivos de programas\Java

2008-03-12 22:38 . 2008-03-12 22:38 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-03-08 23:55 . 2008-03-10 17:36 <DIR> d-------- C:\Arquivos de programas\eMule

2008-03-08 23:55 . 2008-03-08 23:55 2,528,098 --a------ C:\emule048a.exe

2008-03-07 17:14 . 2008-03-08 16:31 <DIR> d-------- C:\Documents and Settings\Win\Dados de aplicativos\MegauploadToolbar

2008-03-07 17:14 . 2008-03-07 17:14 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-06 19:24 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-04-05 19:59 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\Skype

2008-04-04 13:51 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-04-02 20:40 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2008-03-29 18:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe

2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-29 18:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2008-03-24 00:27 --------- d-----w C:\Arquivos de programas\Google

2008-03-02 01:39 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\Media Player Classic

2008-03-02 01:39 --------- d-----w C:\Arquivos de programas\XP Codec Pack

2008-03-02 01:38 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\RadLight Company

2008-03-02 01:37 --------- d-----w C:\Arquivos de programas\RadLight Company

2008-02-19 00:11 6,144 ----a-w C:\WINDOWS\mssnmsgr.dll

2008-02-17 21:22 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\skypePM

2008-02-07 21:42 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\Canon

2008-02-07 21:42 --------- d-----w C:\Arquivos de programas\Canon

2007-12-27 01:40 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2004-10-01 17:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2007-12-27 15:53 56 --sh--r C:\WINDOWS\system32\4A51B89571.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

C:\WINDOWS\gbiehbsb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 10:34 5724184]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2007-12-07 14:08 21686568]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-27 21:11 68856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

"OpwareSE4"="C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45 75304]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2008-03-11 08:18 354600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GBPLUGIN\gbieh.dll 2008-03-11 08:18 354600 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSVideo8"= VfWWDM32.dll

"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2006-07-18 22:41 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]

--------- 2006-07-18 22:41 53248 C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]

--a------ 2003-09-20 16:23 45056 C:\Arquivos de programas\SlySoft\AnyDVD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

-ra------ 2006-06-12 22:57 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

-ra------ 2006-06-12 22:57 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

-ra------ 2006-06-12 22:57 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-08-11 15:30 249856 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-08-11 15:30 81920 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 19:24 32768 C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2006-07-18 22:42 16248320 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r------- 2006-07-18 22:42 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

--a------ 2006-09-28 12:16 185896 C:\Arquivos de programas\Arquivos comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c3ec1e-c812-11dc-9eb7-00197e55884e}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c3ec1f-c812-11dc-9eb7-00197e55884e}]

\Shell\Auto\command - msnmsgr.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{599415b6-b47c-11dc-9e71-00197e55884e}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{853d8015-f5dd-11dc-9f30-00197e55884e}]

\Shell\AutoRun\command - fufb6tq3.cmd

\Shell\explore\Command - fufb6tq3.cmd

\Shell\open\Command - fufb6tq3.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aab05648-cab7-11dc-9ebd-00197e55884e}]

\Shell\Auto\command - E:\msnmsgr.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

*Newly Created Service* - ASWFSBLK

*Newly Created Service* - ASWSP

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-06 16:50:20

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-04-06 16:51:47

ComboFix-quarantined-files.txt 2008-04-06 19:51:38

Pre-Run: 99,959,934,976 bytes disponíveis

Post-Run: 99,955,556,352 bytes disponíveis

.

2008-03-12 06:02:32 --- E O F ---

- E novamente o Hijack This:

Logfile of HijackThis v1.99.1

Scan saved at 17:25:13, on 6/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Win\Desktop\ComboFix.exe

C:\Documents and Settings\Win\Configurações locais\Temporary Internet Files\Content.IE5\RRN8RBWT\bitdefender_tsecurity[1].exe

C:\DOCUME~1\Win\CONFIG~1\Temp\IXP000.TMP\setup.exe

C:\Documents and Settings\Win\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [OpwareSE4] "C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Win\CONFIG~1\Temp\IXP000.TMP\"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198714052294

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{26280688-77B0-49F7-B7B0-CD10C0934B9F}: NameServer = 200.165.132.148 200.165.132.155

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

Agora realmente não sei o que fazer...me ajudem, por favor!

Aguardo uma resposta!

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Selecione o texto abaixo e copie para o bloco de notas. Salve-o como CFScript.txt;

File::
C:\WINDOWS\mssnmsgr.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer\run]
"gbieh.1"=-

- Arraste o CFScript.txt para o ComboFix conforme a imagem abaixo:

CF_Script.gif

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

Não use o mouse nem o teclado quando o ComboFix estiver rodando.

Quando terminar, será gerado um log, que estará em C:\ComboFix.txt.

Obs: Se o Combofix não reiniciar seu computador automaticamente, faça-o manualmente.

Na sua próxima resposta, cole o ComboFix.txt e um novo log do HijackThis.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Oi José Melo, imaginei mesmo que seria você meu salvador!

Então, arrastei o texto que mandou colar no bloco de notas pro Combofix e dai pediu pra executar o programa, cliquei ok, e apareceu uma mensagem dizendo que o "Windows não pode abrir este arquivo: pv.cfexe"

Sabe? Aquela caixa de diálogo que pergunta se você quer usar o serviço da web para encontrar um programa apropriado ou selecionar o programa de uma lista.

Então, desativei os anti-vírus do meu pc e consegui isso:

- Log Combofix

ComboFix 08-04-04.1 - Win 2008-04-06 22:46:01.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.221 [GMT -3:00]

Executando de: C:\Documents and Settings\Win\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Win\Desktop\CFScript.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\WINDOWS\mssnmsgr.dll

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\mssnmsgr.dll

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))

.

2008-04-06 22:09 . 2004-08-04 00:45 400,384 --a------ C:\WINDOWS\system32\CF18346.exe

2008-04-06 18:27 . 2008-04-06 18:27 <DIR> d-------- C:\Documents and Settings\Win\Dados de aplicativos\PC Tools

2008-04-06 18:27 . 2008-04-06 18:45 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-04-06 18:27 . 2008-04-06 18:46 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor

2008-04-06 18:27 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-04-06 18:27 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-04-06 18:27 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-04-06 18:27 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-04-06 18:04 . 2008-04-06 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-04-06 16:22 . 2008-03-29 15:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys

2008-04-06 16:22 . 2008-03-29 15:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys

2008-03-23 21:09 . 2008-03-23 21:09 1,606,904 --a------ C:\googletalk-setup-pt-BR.exe

2008-03-18 22:23 . 2008-03-18 22:23 244 --ah----- C:\sqmnoopt03.sqm

2008-03-18 22:23 . 2008-03-18 22:23 232 --ah----- C:\sqmdata03.sqm

2008-03-12 22:46 . 2008-03-12 22:46 <DIR> d-------- C:\WINDOWS\Sun

2008-03-12 22:45 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-03-12 22:44 . 2008-03-12 22:45 <DIR> d-------- C:\Arquivos de programas\Java

2008-03-12 22:38 . 2008-03-12 22:38 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-03-08 23:55 . 2008-03-10 17:36 <DIR> d-------- C:\Arquivos de programas\eMule

2008-03-08 23:55 . 2008-03-08 23:55 2,528,098 --a------ C:\emule048a.exe

2008-03-07 17:14 . 2008-03-08 16:31 <DIR> d-------- C:\Documents and Settings\Win\Dados de aplicativos\MegauploadToolbar

2008-03-07 17:14 . 2008-03-07 17:14 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-07 01:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-04-06 21:10 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\Skype

2008-04-06 21:09 --------- d-----w C:\Arquivos de programas\Google

2008-04-06 20:30 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-04-04 13:51 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-04-02 20:40 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2008-03-29 18:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe

2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-29 18:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2008-03-02 01:39 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\Media Player Classic

2008-03-02 01:39 --------- d-----w C:\Arquivos de programas\XP Codec Pack

2008-03-02 01:38 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\RadLight Company

2008-03-02 01:37 --------- d-----w C:\Arquivos de programas\RadLight Company

2008-02-17 21:22 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\skypePM

2008-02-07 21:42 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\Canon

2008-02-07 21:42 --------- d-----w C:\Arquivos de programas\Canon

2007-12-27 01:40 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2004-10-01 17:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2007-12-27 15:53 56 --sh--r C:\WINDOWS\system32\4A51B89571.sys

.

((((((((((((((((((((((((((((( snapshot@2008-04-06_16.51.30,56 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-04-07 01:40:39 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1046-7B44-A81200000003}\SC_Reader.exe

- 2008-04-06 19:28:55 59,774 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-04-06 21:28:20 59,774 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-04-06 19:28:56 68,606 ----a-w C:\WINDOWS\system32\perfc016.dat

+ 2008-04-06 21:28:20 68,606 ----a-w C:\WINDOWS\system32\perfc016.dat

- 2008-04-06 19:28:56 395,534 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-04-06 21:28:20 395,534 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-04-06 19:28:56 428,578 ----a-w C:\WINDOWS\system32\perfh016.dat

+ 2008-04-06 21:28:20 428,578 ----a-w C:\WINDOWS\system32\perfh016.dat

+ 2008-04-06 20:31:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7a0.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 10:34 5724184]

"Skype"="C:\Arquivos de programas\Skype\\Phone\Skype.exe" [2008-02-12 20:10 21898024]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-27 21:11 68856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

"OpwareSE4"="C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45 75304]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552]

"ISTray"="C:\Arquivos de programas\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Google Updater.lnk - C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe [2008-04-06 18:04:20 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2008-03-11 08:18 354600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GBPLUGIN\gbieh.dll 2008-03-11 08:18 354600 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSVideo8"= VfWWDM32.dll

"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2006-07-18 22:41 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]

--------- 2006-07-18 22:41 53248 C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]

--a------ 2003-09-20 16:23 45056 C:\Arquivos de programas\SlySoft\AnyDVD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

-ra------ 2006-06-12 22:57 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

-ra------ 2006-06-12 22:57 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

-ra------ 2006-06-12 22:57 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-08-11 15:30 249856 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-08-11 15:30 81920 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 19:24 32768 C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2006-07-18 22:42 16248320 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r------- 2006-07-18 22:42 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

--a------ 2006-09-28 12:16 185896 C:\Arquivos de programas\Arquivos comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c3ec1e-c812-11dc-9eb7-00197e55884e}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c3ec1f-c812-11dc-9eb7-00197e55884e}]

\Shell\Auto\command - msnmsgr.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{599415b6-b47c-11dc-9e71-00197e55884e}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{853d8015-f5dd-11dc-9f30-00197e55884e}]

\Shell\AutoRun\command - fufb6tq3.cmd

\Shell\explore\Command - fufb6tq3.cmd

\Shell\open\Command - fufb6tq3.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aab05648-cab7-11dc-9ebd-00197e55884e}]

\Shell\Auto\command - E:\msnmsgr.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

*Newly Created Service* - CATCHME

*Newly Created Service* - GUSVC

*Newly Created Service* - IKFILESEC

*Newly Created Service* - IKSYSFLT

*Newly Created Service* - IKSYSSEC

*Newly Created Service* - SDAUXSERVICE

*Newly Created Service* - SDCORESERVICE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-06 22:48:47

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-04-06 22:49:27

ComboFix-quarantined-files.txt 2008-04-07 01:49:16

ComboFix2.txt 2008-04-06 19:51:48

Pre-Run: 100,376,117,248 bytes disponíveis

Post-Run: 100,365,725,696 bytes disponíveis

.

2008-03-12 06:02:32 --- E O F ---

- Log Hijack

Logfile of HijackThis v1.99.1

Scan saved at 22:54:55, on 6/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Win\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [OpwareSE4] "C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198714052294

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

e ai? resolveu alguma coisa?

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Ok, o log está limpo :)

- Digite no Executar combofix /u e clique em Ok. Na próxima janela clique em "Executar" e aguarde a remoção do programa;

- Recomendo uma manutenção no computador para exclusão dos arquivos temporários, desnecessários e entradas inválidas no registro. Faça o download do CCleaner:

  • Abra o programa e clique em Executar Limpeza;
  • Após isto, clique em Registro > Procurar erros > Corrigir erros selecionados

- Desative e ative novamente a Restauração do Sistema

- Leia o artigo Proteja seu PC para mais informações sobre como evitar infecções.

Compartilhar este post


Link para o post
Compartilhar em outros sites

ai meu Deus! Então, fiz tudinho o que o senhor mandou e ainda continua aparecendo a caixinha com aquele diálogo chato quando ligo o pc...

será que tem salvação?:eek::confused::(

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Selecione o texto abaixo e copie para o bloco de notas. Salve-o como CFScript.txt;

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer\run]
"gbieh.1"=-

- Arraste o CFScript.txt para o ComboFix conforme a imagem abaixo:

CF_Script.gif

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

Não use o mouse nem o teclado quando o ComboFix estiver rodando.

Quando terminar, será gerado um log, que estará em C:\ComboFix.txt.

Obs: Se o Combofix não reiniciar seu computador automaticamente, faça-o manualmente.

Na sua próxima resposta, cole o ComboFix.txt e um novo log do HijackThis.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Então, tentei fazer o que mandou, mas agora nem o ComboFix ta rodando mais...

Eu arrasto o arquivo salvo no Bloco de Notas para o ComboFix, ele abre a janelinha azul e fecha sozinho. Não acontece nada....

Consegui! Instalei de novo o Combofix, ele não só rodou, como abriu uma tela enorme falando que meu pc tava com erro e fez um despejo de memória, dai quando terminou, iniciou o windows...

As logs que tenho agora são as seguintes:

- Combofix

ComboFix 08-04-08.4 - Win 2008-04-08 15:36:38.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.212 [GMT -3:00]

Executando de: C:\Documents and Settings\Win\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Win\Desktop\CFScript.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

- Hijack This

Logfile of HijackThis v1.99.1

Scan saved at 15:47, on 2008-04-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Win\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [OpwareSE4] "C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198714052294

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{26280688-77B0-49F7-B7B0-CD10C0934B9F}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4ss.exe

quando o windows iniciou a janelinha com o erro do vírus gbiehbsb.dll continuou aparecendo...

Compartilhar este post


Link para o post
Compartilhar em outros sites

sim, isso já fiz, mas faço de novo...e dai?

toda vez que for rodá-lo preciso desabilitar o anti-virus, o firewall que baixei e o spyware, né?

Compartilhar este post


Link para o post
Compartilhar em outros sites

prontinho, fiz tudo de novo

os novos logs

- combofix

ComboFix 08-04-08.4 - Win 2008-04-09 18:30:43.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.134 [GMT -3:00]

Executando de: C:\Documents and Settings\Win\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Win\Desktop\CFScript.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

- hijack this

Logfile of HijackThis v1.99.1

Scan saved at 18:41, on 2008-04-09

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Win\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [OpwareSE4] "C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198714052294

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{26280688-77B0-49F7-B7B0-CD10C0934B9F}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4ss.exe

....e a janelinha continua...

Compartilhar este post


Link para o post
Compartilhar em outros sites

obrigada pela ajuda, mas formatei meu pc...

foi o único jeito que encontrei de remover o vírus..

valeu mesmo!

beijo

Compartilhar este post


Link para o post
Compartilhar em outros sites
Entre para seguir isso  





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×